Internet-Draft DataRight+ Rosetta Stone March 2024
Low & Kolera Expires 2 October 2024 [Page]
Workgroup:
datarightplus-parity
Internet-Draft:
draft-authors-datarightplus-rosetta-latest
Published:
Intended Status:
Informational
Expires:
Authors:
S. Low
Biza.io
B. Kolera
Biza.io

DataRight+ Rosetta Stone

Abstract

A rosetta stone for the DataRight Plus specifications.

Status of This Memo

This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79.

Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet-Drafts is at https://datatracker.ietf.org/drafts/current/.

Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress."

This Internet-Draft will expire on 2 October 2024.

Table of Contents

1. Scope

The scope of this document is limited to the conversion of terms utilised within the DataRight Plus specification suite to jurisdictional terms within legal frameworks. The intent of delivering this document is to remove ambiguity from the broader specification set by isolating, generally legal, terms within a single document.

2. Terminology

This document defines the following terms:

Consumer
A Consumer represents an individual or a business for which a User has been granted permissions to perform actions on behalf of.
Ecosystem Authority
The Ecosystem Authority represents the designated arbiter of trust between Providers, Initiators and the Consumer. Further elaboration on the Ecosystem Authority is provided within [DATARIGHTPLUS-ADMISSION-CONTROL].
Electricity Authority
The Electricity Authority represents the holder of information pertaining to electricity meters and usage.
Initiator
A Initiator is a client application which conducts activities with a Provider server. In an authorisation context a Initiator is analogous with an [OIDC-Core] Relying Party (RP).
Initiator Brand
TODO
Personally Identifiable Information (PII)
Information that (a) can be used to identify the natural person to whom such information relates, or (b) is or might be directly or indirectly linked to a natural person to whom such information relates.
Provider
A Provider is a piece of server infrastructure which receives requests from an Initiator. In an authorisation context a Provider is analogous with an [OIDC-Core] OpenID Provider (OP).
User
A User is a human who provides an identifier unique to the individual and for which correlates to one or more Consumer relationships. In an authorisation context a User is analogous with an [OIDC-Core] End-User.

3. Ecosystem Specific Mappings

The following table provides a mapping from DataRight+ terminology to ecosystem specific terms.

Table 1
DataRight+ Australian CDR
Electricity Authority AEMO
Initiator Software Product
Initiator Brand Data Recipient Brand
Initiator Entity Data Recipient Legal Entity
Initiator Base URI Recipient Base URI
Provider Data Holder Brand
Provider Entity Data Holder
Consumer CDR Consumer
Ecosystem Authority CDR Register
User User
User Agent User Agent

3.1. Australian Consumer Data Right

3.1.1. CDR Consumer

A CDR Consumer is a business or individual who authorises the sharing of data stored by a CDR Data Holder on their behalf to a CDR Software Product with their permission. A User, regardless of their individual relationship with a Data Holder may also have access to zero or more non-individual Consumer's, for instance businesses that they have permission to make decisions for.

It is critical to note that a CDR Consumer is the individual entity of which data is being shared or actions are being performed on. Within the CDR there are various relationship types including:

  • Nominated Representatives: Authorised representatives of a specific corporate entity, for instance a company director
  • Secondary Users: Authorised parties who can access an individual Consumers data

3.1.2. Data Holder Brand

For the purposes of this specification a Data Holder is described as the party who is offering or has offered services to the Consumer and/or holds relevant data related to those services on behalf of the Consumer.

The types and format of that data is outside the scope of this particular specification but traditionally includes:

  • specific customer information such as name, addresses and phone numbers;
  • information related to services such as account numbers, pricing information and balances;
  • transaction/ledger information pertaining to services provided

Within the CDR ecosystem the mandated Data Holders are ostensible Banking and Energy providers. Additional sectors can be designated by way of a legally binding Designation Instrument coupled with changes to the CDR Rules.

3.1.4. Data Recipient

A CDR Data Recipient is a party that provides activities, such as data sharing, through the Consumer who participates in the authorisation process initiated by a Initiator. Please refer to the expanded description of Provider within this document.

3.1.5. Software Product

A Software Product is the listed value proposition, provided by a Data Recipient, which accesses a Data Holder Brand.

4. Acknowledgement

The following people contributed to this document:

5. Normative References

[DATARIGHTPLUS-ADMISSION-CONTROL]
Low, S., "DataRight+ Admission Control: Baseline", <https://datarightplus.github.io/datarightplus-admission-control/draft-datarightplus-admission-control.html>.
[OIDC-Core]
Sakimura, N., Bradley, J., Jones, M., de Medeiros, B., and C. Mortimore, "OpenID Connect Core 1.0 incorporating errata set 1", , <http://openid.net/specs/openid-connect-core-1_0.html>.

Authors' Addresses

Stuart Low
Biza.io
Ben Kolera
Biza.io